An online forum of the ABA Section of Antitrust Law's Privacy and Information Security Committee

Monthly Archives: February 2010

On February 25, 2010, the FTC announced two separate settlements. One is a Stipulated Final Judgment and Order to settle a complaint, without trial, filed in the U.S. District Court, Northern District of Georgia. This settlement is with ControlScan, a company that provides privacy and data security certification to online retailers and other Web sites. Based on the same facts, Richard Stanton, the founder and former chief executive officer of ControlScan also agreed to settle charges pursued by the FTC at the Federal Trade Commission. The FTC charged that ControlScan misled consumers about how often ControlScan monitored the sites and the steps it took to verify the privacy and security practices of the sites that had ControlScan certificates. The settlements bars future misrepresentations. Mr. Stanton’s settlement requires him to give up $102,000 in "ill-gotten gains". The Stipulated Final Judgment and Order specifies that the complaint which it settles states a claim upon which relief may be granted against ControlScan under Sections 5(a)(1) and 13(b) of the FTC Act. A judgment against ControlScan of $750,000 is suspended, based on ControlScan’s inability to pay, but if the court finds that ControlScan misrepresented its financial condition, the entire amount will be payable immediately, less any amounts paid by Stanton.

Yesterday, February 25, 2010, the Federal Trade Commission filed notice of appeal to the DC Circuit Court of Appeals to attempt to reverse Judge Walton’s ruling late last year that the FTC cannot require practicing lawyers to comply with the Red Flags Rule. In August 2009, the American Bar Association challenged the applicability of the Red Flags Rule to lawyers, arguing that it would impose a serious burden on law firms. At that time, the ABA sought an injunction and declaratory judgment finding that lawyers were not covered. The FTC replied that lawyers should be covered because billing practices, such as charging clients on a monthly basis rather than upfront, made them “creditors” under the plain language of the Red Flags Rule. Judge Walton ruled from the bench in late October and issued his Order and Memorandum Opinion in December.

The Federal Trade Commission (“FTC”) is preparing for the third and final roundtable discussion on privacy.The first roundtable was held in December 2009 in Washington, DC, to explore privacy implications of developing technology and business practices that collect and use of consumer data.This event was followed by a second roundtable in Berkley, CA in January 2010.The discussion in Berkley focused on benefits and risks created by technology and the privacy implications of social networking, cloud computing, and mobile marketing.

The third roundtable will be held on March 17, 2010 in Washington, DC.At this event, panelists will discuss the collection and use of “sensitive” information.In preparation for this roundtable, the FTC has requested comments on the following issues:

How can we best achieve accountability for best practices or standards for commercial handling of consumer data? Can consumer access to and correction of their data be made cost effective? Are there specific accountability or enforcement regimes that are particularly effective?

What potential benefits and concerns are raised by emerging business models built around the collection and use of consumer health information? What, if any, legal protections do consumers expect apply to their personal health information when they conduct online searches, respond to surveys or quizzes, seek medical advice online, participate in chat groups or health networks, or otherwise?

Should “sensitive” information be treated or handled differently than other consumer information? How do we determine what information is “sensitive”? What standards should apply to the collection and uses of such information? Should information about children and teenagers be subject to different standards and, if so, what should they be?

For those who cannot join the discussion in person, a live webcast of this conference will be available at the FTC’s website.

These hearings are being held in preparation for introducing privacy legislation.Rep. Boucher (D-VA), the Chairman of the Subcommittee on Communications, Technology, and the Internet, has stated that he intends to introduce a bill to regulate online collection and use of consumer information.Privacy legislation is expected soon.